Capito Case Study

Capito Ltd is a multi-functional company based in Livingstone, Scotland. They supply ICT hardware and software as well as infrastructure consultancy and managed support services. A long-standing client of NQA, they opted for certification to ISO 27001 in order to protect their clients’ information assets.

Capito is confident they have now developed a rigorous and systematic approach to information security management. By gaining the demanding ISO 27001 certification, Capito is able to provide reassurance to its clients that their data, whether verbal, written or stored in an IT system, is preserved with integrity.

Successfully trading for over twenty years, Capito is a leading provider of IT consultancy services, enterprise infrastructure to end user computing solutions and managed support services to private and public sector customers throughout the UK.

The business is underpinned by its long standing relationship with class leading technology partners and its commitment to deliver success to customers.

Quality solutions

The company’s ethos has always focused on delivering the best quality technical solutions and service. Demonstrating this commitment has been achieved, in part, through certification to widely recognised standards. The organisation has worked with NQA for over ten years during which time it has been certified to ISO 9001 Quality Management and ISO 14001 Environmental Management.

Capito’s customers need to be able to rely absolutely on the security of the data that is handled and shared with the organisation so it was a logical step for Capito to seek certification to the information security standard ISO 27001.

“We wanted the ISO 27001 certification as part of our overall management system and to demonstrate to our customers our commitment to Information Security and our own continuous improvement objectives. It increases our credibility and assures our clients that we do business to the highest standards.” Says Managing Director, Alan Middleton.

Increasing security

The ISO 27001 standard is intended to bring information security under explicit management control. Companies use an Information Security Management System to minimise business risk and protect their clients’ information.

“We want our customers to have confidence in us. Our ISO 27001 certification demonstrates that our information security procedures have been assessed by independent auditors and that they meet the highest international standards. It is a clear endorsement of our ability to protect their information assets.”

Seeking certification

Given the nature of its business, Capito already had in place robust systems to ensure the security of its customers’ data. The company’s own internal auditing team were therefore tasked with designing and putting in place the additional management processes required for certification and ensuring that these worked seamlessly with its established protocols.

Most importantly, the journey towards certification also involved detailed communication with all staff. This was essential to ensure not only a buy-in from every level but also to capitalise on internal expertise when implementing the new procedures.

The final stage in the process was to work with a certification body for the audit. It was a natural step to approach NQA, given the long-standing relationship between the two organisations.

NQA has demonstrated time and again its understanding of the Capito business model and has always been ready to provide informed and practical advice on improvements that could be made. Alan Middleton explained:

“There was no question of choosing anyone else for the final auditing process. We’ve worked closely with NQA in the past when undertaking certification for ISO 9001 and ISO 14001 and we have always found the process easy and stress-free. We knew that they would provide us with support both before and after certification and it was for these reasons we chose to go with NQA.”

Client reassurance

Capito, with NQA, have now developed a rigorous and systematic approach to information security management. By gaining ISO 27001 certification, Capito is able to provide reassurance to its clients that their data, whether verbal, written or stored in an IT system, is preserved with integrity. Capito is extremely proud of this deserved award.